We will use the iGoat app to demonstrate this vulnerability. Follow the given steps to reveal sensitive information that is stored in NSUserDefaults:
Start the iGoat iOS application and select the Keychain Usage exercise:
Let's download the iGoat application files from /var/mobile/Containers/Data/Application using SFTP, then navigate to Library | Preferences, where you will find the com.krvw.iGoat.plist file. Open the file using the Vim editor and you will see that the data is binary and not in human-readable format:
Let's convert the binary file into the XML format so that we can read its contents. You can use the plutil utility to convert the binary file into the XML format, as shown...
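The same conversion and review can be scripted off-device when auditing what an app writes to NSUserDefaults. The following is an added example, not part of the original text: it uses Python's plistlib in place of plutil, and the sample plist, its keys and the key-name pattern are constructed assumptions rather than iGoat's real data.

```python
import plistlib
import re

# Assumed key-name patterns suggesting a secret was written to NSUserDefaults.
SENSITIVE = re.compile(r"passw|passcode|token|secret|session|api[_-]?key|credential", re.I)

def is_binary_plist(data: bytes) -> bool:
    """Binary plists begin with the magic bytes 'bplist00'."""
    return data.startswith(b"bplist00")

def to_xml(data: bytes) -> bytes:
    """Re-serialise a plist as XML, like `plutil -convert xml1`."""
    return plistlib.dumps(plistlib.loads(data), fmt=plistlib.FMT_XML)

def find_sensitive(obj, path=""):
    """Walk nested dicts/lists; return (key path, value) for suspicious key names."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            here = f"{path}/{key}"
            if isinstance(value, (dict, list)):
                hits += find_sensitive(value, here)
            elif SENSITIVE.search(key):
                hits.append((here, value))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            hits += find_sensitive(value, f"{path}[{i}]")
    return hits

# Constructed sample standing in for a downloaded preferences file.
SAMPLE = plistlib.dumps(
    {
        "AppleLanguages": ["en"],
        "username": "demo_user",
        "password": "constructed-value",
        "settings": {"authToken": "constructed-token", "theme": "dark"},
    },
    fmt=plistlib.FMT_BINARY,
)

if __name__ == "__main__":
    print("binary plist:", is_binary_plist(SAMPLE))
    print(to_xml(SAMPLE).decode())
    for key_path, value in find_sensitive(plistlib.loads(SAMPLE)):
        print("finding:", key_path, "=", value)
```

Any finding indicates data that belongs in the Keychain rather than in the preferences plist, which is stored unencrypted in the app's data container.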